Cybersecurity PKI Systems Administrator

Mid Senior

Overview

Support and maintain Public Key Infrastructure (PKI) systems for UNICC and partners.

You have:

• At least five (5) years of experience in certificate-based authentication, encryption, signature, and related usages onto data protection solutions.
• Experience with deployment and management of Hardware Security Modules.
• Experience with deployment and configuration of PKI solutions, including EJBCA, Azure, Dogtag, OpenXPKI.
• Strong understanding of Federation Protocols (Oauth, SAML, OpenID) and Single Sign On (SSO) models.
• Understanding of security control frameworks and zero trust approach.
• Proficiency in scripting languages (e.g., PowerShell, Python) to automate routine tasks.
• English: Expert knowledge is required; Knowledge of the local language of the Duty Station will be an advantage.

Contract

This is a G-5 contract. This kind of contract is known as General Service and related categories. It is normally only for nationals. It usually requires 5 years of experience, depending on education. More about G-5 contracts.

Position Summary

Job CategoryVacancy Vacancy Notice NumberICC/25/VAL/1 Position TitleCybersecurity PKI Systems Administrator Position TypeFixed term Number of Positions1 Date of Issue15/01/2025 Date of Closing05/02/2025 GradeG.5 Annual Salary EstimationUSD 44,068 (net, single rate, including post adjustment) Duty StationValencia, Spain Organizational Location/UnitCybersecurity Engineering Unit (CSE)

Position Description

The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

Purpose of the Position:

The Cybersecurity PKI Systems Administrator will provide services to assist and support UNICC and its partners in maintaining and implementing Public Key Infrastructure (PKI) & Cryptography solutions and collaborate with other operations team in managing certificates, encryption keys, authentications, authorization, and similar activities. The incumbent will provide services to partner organizations either independently or through guidance on PKI specialist, depending on size and complexity of client organization and related needs.

Objectives of the Programme:

UNICC provides the digital foundations that support the digital transformation and future of the UN system and other international organizations.

Main duties and responsibilities:

The incumbent will work under the direct supervision and guidance of the Cybersecurity PKI Officer within the Cybersecurity Engineering Unit (CSE) in the Cybersecurity Division (CS), and will be in close collaboration with other CS Teams. The incumbent could be requested to do any other tasks of similar level in related fields. The postholder will work on the following tasks:

• Support the setup and configuration of Public Key Infrastructure (PKI) systems, following predefined guidelines and standards in mixed and hybrid environments
• Help implement automation processes for distributing digital certificates as part of the user onboarding and offboarding process, under the guidance of senior staff
• Assist in configuring and maintaining both physical and virtualized infrastructure; ensuring secure connections according to established best practices
• Under guidance of a senior staff, assist in the deployment and management of multi-factor authentication solutions, including certificate-based and non-certificate-based methods
• Help create and update documentation related to business continuity, ensuring all processes are clearly recorded and easily accessible
• Follow established best practices and the zero trust principle to support the enforcement of security measures related to organizational certificate usage
• Following the organization’s agreed-upon policies and procedures, assist in administering backups of various security solutions
• Provide assistance during internal and external audits by helping to compile and present the current status of PKI, Cryptography, and MFA solutions within the organization
• Provide oncall services to support the 24×7 cybersecurity service needs

Other:

• Provide other ad hoc support either within the team or in other teams as required – this includes the participation in special projects or support to service delivery for short period of time on a part-time or full- time basis upon request from the senior management
• The incumbent may be requested to provide support during weekends, holidays or outside working hours as well as to serve as a “stand-by” officer on a rotation basis

Recruitment Profile

Experience and Skills required:

Essential:

• At least five (5) years of experience in one or more of the following areas: Certificate-based authentication, encryption, signature, and related usages onto data protection solutions field / Deployment and management of Hardware Security Modules / Deployment and configuration of PKI solutions, including and not limited to EJBCA®, Azure®, Dogtag®, OpenXPKI
• A completed university degree from an accredited institution will be counted towards minimum work experience requirements
• Strong understanding with Federation Protocols (Oauth, SAML, OpenID), and Single Sign On (SSO) models
• Strong understanding of key ceremony process and its documentation Experience with managing quorum rotation and transfer of responsibility
• Proficiency in scripting languages (e.g., PowerShell, Python) to automate routine tasks, streamline processes, and perform bulk operations for directory services
• In-depth knowledge of EJBCA® usage together with HSMs
• Understanding of Post-Quantum cryptography and its compatibility matrix
• Understanding of security control frameworks and zero trust approach
• Experience in VIP Symantec® management and deployment
• Experience with Entrust®, Sectigo®, RSA®, CloudFlare®, KeyFactor®, Thales®, and Microsoft® products

Desirable:

• Project management skills and ability to work on multiple projects under strict timelines
• Experience with security incident response and management process relying on ServiceNow®
• Experience and understanding of Cloud WAF and DDOS protection management
• PowerShell knowledge with proved experience in automating autoenrolment for customized PKI solutions
• Understanding of CyberArk® database/vaults methodologies, management and maintenance

Education:

Essential:

• Successful completion of secondary school education or its equivalent, supplemented by specialized training in IT
• KeyFactor® University Certificates

Languages:

• English: Expert knowledge is required
• Knowledge of the local language of the Duty Station will be an advantage

****UNICC Global Competencies:****

• Teamwork: Develops and promotes effective relationships with colleagues and team members. Deals constructively with conflicts.
• Communicating: Expresses oneself clearly in conversations and interactions with others; listens actively. Produces effective written communications. Ensures that information is shared.
• Respecting and promoting individual and cultural differences: Demonstrates the ability to work constructively with people of all backgrounds and orientations. Respects differences and ensures that all can contribute.
• Knowing and managing yourself: Manages ambiguity and pressure in a self-reflective way. Uses criticism as a development opportunity. Seeks opportunities for continuous learning and professional growth.
• Producing results: Produces and delivers quality results. Is action oriented and committed to achieving outcomes.
• Moving forward in a changing environment: Is open to and proposes new approaches and ideas. Adapts and responds positively to change.

Other Information

Eligibility:

This position is subject to local recruitment pursuant to staff rule 4.4 of the United Nations Staff Rules. All staff in the General Service and related categories shall be recruited in the country or within commuting distance of each office, irrespective of their nationality and of the length of time they may have been in the country. A staff member subject to local recruitment shall not be eligible for the allowances or benefits exclusively applicable to international recruitment.

Compensation:

Annual Salary Estimation (net of tax at single rate):

• Valencia, Spain: EUR 44,068

UNICC also offers generous leave and absence allowances, flexible working hours, overtime compensation, teleworking, access to training, and depending on eligibility other benefits such as relocation grant, dependency allowance, language allowance, or education grant.

Closing date for applications:

Applications will be accepted until midnight (Geneva Time) on 05 February 2025.

Notes:

• Technical and/or personality tests may be carried out as part of the selection process
• Only short-listed candidates will be contacted
• Though you may not be selected for this advertised position, the UNICC will keep your application in a roster if your profile is deemed to be of potential interest for the Centre. You may thus be solicited by our HR department to participate in an interview for another position

Please inform us should you require any specific accommodation to facilitate your application

The UNICC workforce consists of many diverse nationalities, cultures, languages, and opinions. UNICC seeks to sustain and strengthen this diversity by ensuring equal opportunity and an inclusive working environment for its entire workforce. Applications are encouraged from all qualified candidates without distinction on grounds of race, ethnicity, sex, national origin, age, religion, disability, sexual orientation and gender identity.

For applications to be valid, they must contain a motivation letter and the filled Personal History Form.

Apply now

Potential interview questions

Added 1 year ago - Updated 1 year ago - Source: unicc.org